<?php
/*
 * Gallery - a web based photo album viewer and editor
 * Copyright (C) 2000-2002 Bharat Mediratta
 * 
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or (at
 * your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */
?>
<?php
// Hack prevention.
if (!empty($_REQUEST["GALLERY_BASEDIR"])) {
	print "Security violation\n";
	exit;
}
?>
<?php require("./init.php"); ?>
<?php
// Hack check
if (!$gallery->user->canChangeTextOfAlbum($gallery->album)) {
	exit;
}
	
getRequestVars('submit');
if (!strcmp($submit, _XG_SAVE)) {
	// we want to sanitize by adding slashes 
	$myts =& MyTextSanitizer::getInstance();
	$gallery->album->fields[$field] = $myts->addSlashes($data);
	$gallery->album->save();
	dismissAndReload();
	return;
}

?>

<html>
<head>
  <title><?php echo _XG_EDIT; ?> <?php echo $field ?></title>
  <?php echo getStyleSheetLink() ?>
</head>
<body>

<center><?php echo sprintf(_XG_MESSAGE_EDIT,$field); ?>

<?php 
// we sanitize by striping slashes, and see other formating!
$myts =& MyTextSanitizer::getInstance();
echo makeFormIntro("edit_field.php", array("name" => "theform", "method" => "POST")); 
?>
<input type="hidden" name="field" value="<?php echo $field ?>">
<textarea name="data" rows="6" cols="45"><?php echo $myts->stripSlashesGPC($gallery->album->fields[$field]) ?></textarea>
<p>
<input type="submit" name="submit" value="<?php echo _XG_SAVE; ?>">
<input type="submit" name="submit" value="<?php echo _XG_CANCEL; ?>" onclick='parent.close()'>
</form>

<script language="javascript1.2">
<!--   
// position cursor in top form field
document.theform.data.focus();
//-->
</script>

</body>
</html>
